[Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype!

Toke Høiland-Jørgensen toke at toke.dk
Sun Mar 30 15:30:00 EDT 2014

Toke Høiland-Jørgensen <toke at toke.dk> writes:

> This would involve teaching the uclibc resolver about the CD bit and
> exposing it in the resolver API, I think. Can look into how difficult
> this actually is to do; with the caveat that I'm not exactly an expert
> on such code :P

OK, went looking at the code. As far as I can tell, it would probably be
possible to teach the part of uclibc that does DNS lookups about the CD
bit. However, I'm not sure there's a way to pass the request for no
validation through the resolver to the right place; certainly not
without entirely reworking the way ntpd does hostname lookups (and
possibly other parts of the C library as well). Either way it's not
something I feel up to with the time I have available for hacking on
cerowrt. So I am abandoning this avenue of enquiry.

I'll be happy to work on improving the dnsmasq script with the
--dnssec-no-timecheck parameter approach; but if it is going to be
rejected in favour of a different approach I'd rather not waste any more
time on it... :)

